Legal News

Canadian Personal Information Security Breach Obligations – Preparing for Compliance

Éloïse Gratton April 30, 2018 Security Breach

Commencing November 1, 2018, Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) will require an organization that suffers a “breach of security safeguards” involving personal information under its control to keep prescribed records of the breach and, if the breach presents a “real risk of significant harm to an individual”, to promptly report […] Read more

Events News

Webinar: Complying with Canada’s Upcoming Breach Notification Requirements (August 29)

Éloïse Gratton August 10, 2017 Security Breach

I will participate, with Eduard Goodman, Global Privacy Officer for Cyberscout, at a webinar taking place on Tuesday, August 29, at 11 am PT / 2 pm ET on the management of cybersecurity breaches and notification requirements. The amendments to PIPEDA – through the Digital Privacy Act – will require private-sector organisations doing business in Canada to notify […] Read more

News

Cybersécurité:Ce que tout dirigeant doit savoir en matière de gouvernance et gestion de risques

March 22, 2017

Palais des congrès de Montréal

Éloïse Gratton March 8, 2017 Security Breach

Je participerai à l’événement annuel Hop! Le Sommet du commerce de détail se déroulant au Palais des congrès de Montréal les 21 et 22 mars prochain. Je présenterai le 22 mars sur les enjeux en matière de Cybersécurité et protection des renseignements personnels. La plupart des commerces de détail, peu importe leur taille, leur réputation ou les […] Read more

Legal News

Superior Court of Quebec Authorizes Privacy Class Action in Zuckerman v. Target Corporation

Éloïse Gratton February 3, 2017 Security Breach

Privacy class actions triggered by data breaches are growing in popularity in Canada, with more than 30 of them pending throughout the country. While none of these cases have yet been heard on their merits, some are being certified or authorized. The Superior Court of Quebec recently rendered judgment on a motion to authorize a […] Read more

Events Legal News Videos

With no global standard for data privacy, laws outside U.S. differ in scope

Éloïse Gratton January 25, 2017 Security Breach

I was recently interviewed by CyberScout just after I appeared on a privacy panel at CyberScout’s Privacy XChange Forum entitled “Where In the World: A Quick and Easy Breakdown of Privacy Standards and Regulations”. In the interview, I summarize the breach notification regulations in Canada and discuss what should be included in a cybersecurity plan. I also discuss […] Read more

News

Ashley Madison Security Breach: Lessons Learned and Valuable Recommendations for all Businesses

Éloïse Gratton August 26, 2016 Security Breach

On August 22, 2016, the Office of the Privacy Commissioner of Canada (OPC) released an important joint investigation report regarding the Ashley Madison data breach, which exposed the personal information of some 32 million users of the online dating website marketed to people who are married or in committed relationships. As part of its investigation, […] Read more

News

Forty hours on privacy

Éloïse Gratton December 23, 2015 Business transaction / CCTV / Class action / Cloud / Compliance / Consent / Damages / eCommerce / Geolocation / Image / Liability - Lawsuit / Marketing / Mobile / Online / Online Behavioral Advertising / Privacy policy / Reputation / Revenge Porn / Security Breach / Social Media / Spam / Surveillance / Telco / Tort / Web 2.0 / Workplace

I will be teaching, for a fourth consecutive year, DRT-6929E-A, a privacy law course at the  University of Montreal Law Faculty. The class is offered to Masters degree students and takes place every Monday from 4 to 7pm, January 11 to April 11, 2016. I have been teaching since 2009 (e-commerce law from 2009 – […] Read more